Time Machine blamed in Leopard security scare

Mac OS X backup may trigger vulnerable apps without warning

Another flaw has been discovered in Apple's Mac OS X 10.5 Leopard operating system that could leave Mac owners open to attack from trojans and other malware.

The problem arises from use of Time Machine, Apple's easy to use automated backup system. Blogger Stephen Pyile says old versions of applications archived on to a Time Machine enabled hard drive can be triggered to launch without warning - and that's a big problem if the app has a security flaw.

"Imagine that you trash an application because of a security flaw. Say, it handles the URL type foofoo, and is proven to be a security risk. But the developer won't fix it (or hasn't fixed it yet), so you've removed the application from your hard drive to keep yourself safe.

"It doesn't work that way - you're not safe. Time machine has made a copy in your time machine backup that Mac OS X will cheerfully launch without a warning," Pyile says.